sakai-vre-demo.oucs.ox.ac.uk machine status
This is the machine status page for sakai-vre-demo.oucs.ox.ac.uk.
1. Status
- The machine is up and running. sakai-vre-demo.oucs.ox.ac.uk / 163.1.2.230
2. Tasks to do
- (none?)
3. Tasks done
Basic system hardware and environment
- Find a machine (ex DCOCE, thanks Christian Fernau)
- Find a place to house it (Ray Miller controls the bench that the machine sits on)
- Punch a port 80 hole in the institutional firewall (the "hostmaster" RT queue controls such things)
Basic system software
- Install Scientific Linux on box from https://www.scientificlinux.org/download (Scientific Linux SL release 4.2 (Beryllium))
- Find correct network config from http://www.oucs.ox.ac.uk/network/calc.xml (163.1.2.230 /23)
  - IP address: 163.1.2.230
  - Network: 163.1.2.0
  - Netmask: 255.255.254.0
  - Broadcast: 163.1.3.255
  - Gateway: 163.1.3.254
- Check networking and accounts
- Update install from https://www.scientificlinux.org/documentation/howto/upgrade.4x
- Configure firewall (command was "system-config-securitylevel")
- Created accounts (syeates and zool0635)
- Backup software installed and initial backup (roughly following http://www.ontonet.org/moin/ServerConfiguration/BackupUsingTsm)
- Install and configure postfix; disable sendmail
- Update /etc/aliases to forward email for root (logwatch, yum, etc.). Remember to run 'newaliases'.
Sakai, Shibboleth, etc
- Install SAKAI (see SakaiNotes): http://sakai-vre-demo.oucs.ox.ac.uk:8080/portal
- Get kerberos running (Installed by default in Scientific Linux)
- Get ntp installed and running (required for kerberos, because of the use of timestamps)
- Generate kerberos principal (See http://wiki.oss-watch.ac.uk/WebAuthNotes)
- Install ssh blacklisting
- Install Shibboleth
- Link Shibboleth to WebAuth
- Get shibd, httpd and tomcat to start automatically on reboot. This required converting scripts to use runuser rather than su, because SELinux doesn't let su be used in init scripts. The entire shibboleth system now restarts correctly.
4. Services
These are key services we are using or have added to the base system:
Service | user id | init.d script | log files location |
sshblack | root | sshblack | /var/log/sshblacklisting |
postfix | root, postfix | postfix | /var/log/maillog |
dsmcad | root | dsmcad-init | /var/log/dsmerror.log, /var/log/dsmsched.log, /var/log/dsmwebcl.log |
httpd | apache | httpd | /var/log/httpd/* or /etc/httpd/log/* |
tomcat | tomcat | tomcat | /opt/apache-tomcat/apache-tomcat-5.5.16/logs/* |
shibd | root | shibd | /var/log/shibboleth/shibd.log |
shibboleth IdP | (tomcat app) | (n/a) | /opt/shibboleth-idp/logs/* |
shibboleth AA | (tomcat app) | (n/a) | /var/log/shibboleth/transaction.log ?? |
shibboleth SP | (httpd module) | (n/a) | /var/log/shibboleth/ ?? |
Of these services, the only one which appears to consume considerable system runtime resources is tomcat. After starting up and serving a single request each for (a) the sakai portal homepage, (b) a remote SP login with AA access and (c) local login via local IdP, tomcat uses 1915M of virtual memory, but only 4.10 minutes of cpu (much of the cpu is spent initialising sakai). The machine has 514M of physical main RAM.
Notes for Redhat and similar systems:
- For starting/stopping services with init.d script files, use the service command.
- To configure services with init.d script files to stop or start at different system runlevels (and on system restart), use the chkconfig command.
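A boot-time check for the services in the table above, as an added example that is not part of the original page. It reads `chkconfig --list` output and reports any listed init.d script that is unregistered or switched off; the runlevels checked (3 and 5) and the sample input are assumptions.

```sh
#!/bin/sh
# Added example: report init.d services that will not start at boot.
# Names are the init.d script names from the services table on this page.
SERVICES="sshblack postfix dsmcad-init httpd tomcat shibd"
RUNLEVELS="3 5"   # assumption: the runlevels this machine boots into

# Reads `chkconfig --list` text on stdin. Prints one line per problem:
# "<service> off:<runlevel>" or "<service> missing" (not registered at all).
check_boot_services() {
    awk -v services="$SERVICES" -v levels="$RUNLEVELS" '
        BEGIN { ns = split(services, want, " "); nl = split(levels, lv, " ") }
        {
            seen[$1] = 1
            for (i = 2; i <= NF; i++) {      # fields look like "3:on"
                split($i, kv, ":")
                state[$1, kv[1]] = kv[2]
            }
        }
        END {
            for (s = 1; s <= ns; s++) {
                name = want[s]
                if (!(name in seen)) { print name " missing"; continue }
                for (l = 1; l <= nl; l++)
                    if (state[name, lv[l]] != "on")
                        print name " off:" lv[l]
            }
        }'
}

# Constructed sample input, not captured from the real machine.
sample_chkconfig_list() {
    cat <<'EOF'
sshblack        0:off 1:off 2:on  3:on  4:on  5:on  6:off
postfix         0:off 1:off 2:on  3:on  4:on  5:on  6:off
dsmcad-init     0:off 1:off 2:on  3:on  4:on  5:on  6:off
httpd           0:off 1:off 2:off 3:on  4:off 5:off 6:off
tomcat          0:off 1:off 2:off 3:off 4:off 5:off 6:off
EOF
}

sample_chkconfig_list | check_boot_services
```

On the machine itself, run `chkconfig --list | check_boot_services`; no output means every listed service is enabled at the chosen runlevels.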
5. Activating additional services
5.1. Automatic backup scheduler
Here are the commands used to activate the Tivoli client acceptor daemon (CAD), which checks for and initiates automatically scheduled system backups using TSM (aka DSM):
[root@sakai-vre-demo bin]# cp /opt/tivoli/tsm/client/ba/bin/dsmcad-init /etc/init.d
[root@sakai-vre-demo bin]# cd /etc/init.d
[root@sakai-vre-demo init.d]# chmod a+x dsmcad-init
[root@sakai-vre-demo init.d]# chkconfig --add dsmcad-init
[root@sakai-vre-demo init.d]# chkconfig --list dsmcad-init
dsmcad-init 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@sakai-vre-demo init.d]# service dsmcad-init start
Starting TSM Scheduler (dsmcad)...done.
5.2. Postfix mail transfer agent
[root@sakai-vre-demo ~]# chkconfig --add postfix
[root@sakai-vre-demo ~]# chkconfig --list postfix
postfix 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@sakai-vre-demo ~]# service postfix start
Starting postfix: [ OK ]
-- StuartYeates and GrahamKlyne 2006-06-21 11:23:06

